5.3
CVE-2022-38710
- EPSS 0.16%
- Veröffentlicht 03.11.2022 20:15:29
- Zuletzt bearbeitet 21.11.2024 07:16:58
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Robotic Process Automation Version < 21.0.3
Ibm ≫ Robotic Process Automation As A Service Version < 21.0.3
Ibm ≫ Robotic Process Automation For Cloud Pak Version < 21.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.369 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.